The subject discussed herein relates to a biometrics authentication method for authenticating an individual by using personal biometric information.
In an individual authentication system using biometric information, the biometric information of an individual is acquired at the time of initial registration and information called feature is extracted and registered. The feature registered is termed a template. During authentication, the biometric information is again captured from the individual to extract the feature which in turn is collated with the precedently registered template to confirm whether or not the individual is the person in question. When, in a system having a client unit (simply referred to as a client) and a server unit (simply referred to as a server) coupled together through a network, the server carries out biometrics authentication of a user being present on the client side, the server holds a template typically. The client acquires biometric information the user, extracts a feature to transmit it to the server and the server collates the feature with the template to confirm whether or not the user is the person in question.
The template is however, effective information to identify an individual and is thereof required to be managed stringently as personal information, incurring high costs of management.
Further, even if the information is placed in stringent management, many persons having their privacy in mind will psychologically be reluctant to resister the template. In addition, the biometric information remains unchanged through life and cannot be changed easily in contrast to the password and the encrypted key. Conceivably, the biometric information may be exchanged for different one but the number of pieces of biometric information of one kind a single individual has is limited (for example, the number of fingerprints is limited to the number of fingers), failing to provide essential solving measures. Accordingly, in case the template is leaked facing a risk of forgery, their arises a problem that the biometrics authentication cannot be used safely ever since. Furthermore, if the same biometric information is registered in a different system, even the different system will be exposed to the menace.
Under the circumstances, a method as described in “Enhancing security and privacy in biometric-based authentication systems by N. K. Ratha, J. H. Connell and R. M. Bolle, IBM system Journal 40(3), 2001 (reference 1) has been proposed, according to which during registration of biometric information, a feature is transformed with the help of a particular function (a kind of encryption) and a secret parameter (a kind of encrypted key) the client has and the original information is taken in custody as a template by the server while being kept to be concealed and during authentication, a feature of biometric information newly extracted by the client is transformed with the same function and parameter as those above and transmitted to the server, and the server collates the received feature with the template while keeping them transformed (termed cancelable biometrics authentication).
According to the above method, the client keeps the transform parameter secret and so the server cannot know the original feature even during authentication and the privacy of individual can be protected.
Further, even if the template is leaked, the security can be assured by changing the transform parameter, preparing a template again and registering it. In addition, when the same biometric information is used for a different system, templates transformed with the help of different parameters, respectively, are registered so that even with one template leaked, the security of the different system can be prevented from being degraded.